Change the keepalived process user from root to keepalived (or another user)

I would like to know how to change the process name root to another one?

When I use the following command:

ps aux | grep keepalived
root     26982  0.0  0.0  19344  1560 ?        Ss   11:52   0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D
root     26983  0.0  0.1  19344  2404 ?        S    11:52   0:02 /usr/local/keepalived-2.0.16/sbin/keepalived -D
root     30816  0.0  0.0   9288  1628 pts/1    S+   13:49   0:00 grep --color=auto keepalived

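keepalived works as expected, handling the virtual IP and failover.

But I would like to change root to the user name: keepalived

My environment:

(Because https://www.keepalived.org/index.html says: "Keepalived code present in the git master branch must be considered stable and future proof.",

and https://www.keepalived.org/manpage.html only shows documentation for one version (is it 2.0.16?), I chose 2.0.16 for this discussion)

(The information below is for version 2.0.16, with the commands run as root, but I also see similar errors in 1.4.5)

How I installed keepalived: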

wget http://keepalived.org/software/keepalived-2.0.16.tar.gz
tar -xvf keepalived-2.0.16.tar.gz
cd keepalived-2.0.16/
zypper in gcc
zypper in openssl-devel
./configure --prefix=/usr/local/keepalived-2.0.16
make
sudo make install

Setting up keepalived.conf

vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    script_user keepalived
    enable_script_security
}
# Script used to check if nginx is running
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight 2
}
# Virtual interface
# The priority specifies the order in which the assigned interface to take over in a failover
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pass
    }
    # The virtual ip address shared between the two loadbalancers
    virtual_ipaddress { # Block limited to 20 IP addresses
        192.168.2.179
    }
    track_script {
        check_nginx
    }
}

What I have already tried:

  1. cp /usr/lib/systemd/system/keepalived.service to /etc/systemd/system/keepalived.service and add the user tag
User=keepalived
Group=users

But keepalived no longer works; keepalived stopped.

  2. Change the directories and permissions in /etc/systemd/system/keepalived.service
#PIDFile=/var/run/keepalived.pid
ExecStart=/usr/local/keepalived-2.0.16/sbin/keepalived $KEEPALIVED_OPTIONS -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
useradd -M -s /bin/nologin -d /opt/keepalived keepalived
chown -R keepalived:users /etc/keepalived/

At this point keepalived starts working

keepali+ 26289  0.0  0.0  19344  1628 ?        Ss   11:34   0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
keepali+ 26290  0.0  0.1  19344  2456 ?        S    11:34   0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
root     26323  0.0  0.0   9288  1628 pts/1    S+   11:35   0:00 grep --color=auto keepalived

But the following errors appear in systemctl status keepalived and journalctl -xe

-- Unit keepalived.service has begun starting up.
Keepalived[10409]: Starting Keepalived v2.0.16 (05/03,2019), git commit v2.0.15-96-g4d492740+
Keepalived[10409]: Running on Linux 4.12.14-95.13-default #1 SMP Fri Mar 22 06:04:58 UTC 2019 (c01bf34) (bu
Keepalived[10409]: Command line: '/usr/local/keepalived-2.0.16/sbin/keepalived' '-D' '-p'
Keepalived[10409]:               '/etc/keepalived/keepalived.pid' '-r' '/etc/keepalived/vrrp.pid' '-c'
Keepalived[10409]:               '/etc/keepalived/keepalived_checkers.pid'
Keepalived[10409]: Opening file '/etc/keepalived/keepalived.conf'.
Keepalived[10409]: Failed to bind to process monitoring socket - errno 1 - Operation not permitted
systemd[1]: Started LVS and VRRP High Availability Monitor.
-- Subject: Unit keepalived.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit keepalived.service has finished starting up.
-- 
-- The start-up result is done.
Keepalived[10409]: Remove a zombie pid file /etc/keepalived/keepalived.pid
Keepalived[10409]: Remove a zombie pid file /etc/keepalived/vrrp.pid
Keepalived[10412]: Starting VRRP child process, pid=10413
Keepalived_vrrp[10413]: Registering Kernel netlink reflector
Keepalived_vrrp[10413]: Registering Kernel netlink command channel
Keepalived_vrrp[10413]: Opening file '/etc/keepalived/keepalived.conf'.
Keepalived_vrrp[10413]: Assigned address 192.168.2.178 for interface eth0
Keepalived_vrrp[10413]: Assigned address fe80::a00:27ff:feef:6ebe for interface eth0
Keepalived_vrrp[10413]: Error 1 while registering gratuitous ARP shared channel
Keepalived_vrrp[10413]: (VI_1) removing VIPs.
Keepalived_vrrp[10413]: Netlink: error: Operation not permitted, type=RTM_DELADDR(21), seq=1557728895, pid=
Keepalived_vrrp[10413]: cant open raw socket. errno=1
Keepalived_vrrp[10413]: (VI_1) Entering BACKUP STATE (init)
Keepalived_vrrp[10413]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(-1,-1)]
Keepalived_vrrp[10414]: Couldn't setgroups: 100 (Operation not permitted)
Keepalived_vrrp[10413]: VRRP_Script(check_nginx) succeeded
Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 150 to 152
Keepalived_vrrp[10415]: Couldn't setgroups: 100 (Operation not permitted)

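(In my case, I use keepalived to fail over nginx.) Also, I would like to ask:

  • Is there a forum or Q&A site for keepalived?

  • Is there a better way to install keepalived?

    • keepalived 1.4.5 (currently) from zypper (the package manager)?
    • The latest keepalived 2.0.16 (currently) from source?
  • Is what I did, or my thinking, wrong or strange?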

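Answer 1

According to Alexandre Cassen's reply (I asked by e-mail)...

The answer is quite simple: in fact, since Keepalived operates at the OS level, it will not work if it is run as another user with lower privileges than root. Keepalived needs to open different routing channels and kernel subsystems, and this can only be done with root-level authentication (RAW sockets, netlink channel setup, etc.).

I quickly read your post on that forum and can confirm that the last stable release on the Keepalived website must be considered for production. I am really frustrated that most Linux distributions are still shipping very old versions. Canonical/Ubuntu have made progress on this topic, and we created a snapcraft.io Keepalived package that is closely tied to the Keepalived GitHub. But using the latest released version is always good practice; we really do spend a lot of time testing and debugging to provide the best software.

So, the answer is no.

And try to use the latest released keepalived.

Thanks to Alexandre Cassen.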
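Added example (not part of the original post and not keepalived code): a small Python classifier that takes the "Operation not permitted" lines from the journal output in the question and names the kernel privilege each failed operation depends on, which makes concrete why the daemon stops handling the VIP when started as the keepalived user. The mapping to Linux capabilities is this example's assumption, based on capabilities(7); the sample lines are copied from the question.

```python
import re

# Constructed sample: lines copied from the journal output in the question.
SAMPLE_LOG = """\
Keepalived[10409]: Failed to bind to process monitoring socket - errno 1 - Operation not permitted
Keepalived_vrrp[10413]: Registering Kernel netlink reflector
Keepalived_vrrp[10413]: Error 1 while registering gratuitous ARP shared channel
Keepalived_vrrp[10413]: Netlink: error: Operation not permitted, type=RTM_DELADDR(21), seq=1557728895, pid=
Keepalived_vrrp[10413]: cant open raw socket. errno=1
Keepalived_vrrp[10414]: Couldn't setgroups: 100 (Operation not permitted)
Keepalived_vrrp[10413]: VRRP_Script(check_nginx) succeeded
Keepalived_vrrp[10415]: Couldn't setgroups: 100 (Operation not permitted)
"""

# Assumed mapping (message pattern, operation, capability), per capabilities(7).
RULES = [
    (r"process monitoring socket", "netlink proc connector bind", "CAP_NET_ADMIN"),
    (r"gratuitous ARP shared channel", "AF_PACKET socket for ARP", "CAP_NET_RAW"),
    (r"type=RTM_(NEW|DEL)ADDR", "netlink address change", "CAP_NET_ADMIN"),
    (r"cant open raw socket", "raw IP socket (VRRP, proto 112)", "CAP_NET_RAW"),
    (r"Couldn't setgroups", "setgroups() before running a script", "CAP_SETGID"),
]
LINE_RE = re.compile(r"^(?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
EPERM_RE = re.compile(r"errno[ =]1\b|Error 1 |Operation not permitted")

def classify(log_text):
    """Return one finding per EPERM log line: pid, operation, capability."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not EPERM_RE.search(m["msg"]):
            continue  # not a keepalived line, or not a permission failure
        for pattern, operation, cap in RULES:
            if re.search(pattern, m["msg"]):
                findings.append({"pid": int(m["pid"]), "operation": operation, "capability": cap})
                break
        else:  # permission failure this table does not know about
            findings.append({"pid": int(m["pid"]), "operation": m["msg"], "capability": "UNKNOWN"})
    return findings

def missing_capabilities(log_text):
    """Sorted set of capabilities the failed operations would have needed."""
    return sorted({f["capability"] for f in classify(log_text)})

if __name__ == "__main__":
    for f in classify(SAMPLE_LOG):
        print(f"pid {f['pid']}: {f['operation']} -> {f['capability']}")
    print("missing:", ", ".join(missing_capabilities(SAMPLE_LOG)))
```

Every failure in the sample falls under network administration, raw sockets or group switching, the same areas the answer lists as needing root.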
